TeaMp0isoN Hacks RIM Blog

There’s social unrest underway in the UK and communities are bracing for a fourth night of looting and riots.

The “viral civil unrest” has been spreading for several days now, and reportedly, RIM’s BlackBerry Messenger (BBM) is one of the viral components would-be anarchists have used to organize themselves. As a result, RIM made a public statement that it would assist the UK authorities. And what happened next was rather predictable (at least to us).

TeaMp0isoN, a hacktivist group, targeted The Official BlackBerry Blog.

blogs.blackberry.com/teamp0ison

Here’s the text:

This hack is a response to this statement by RIM:

“We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world Where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home Office and UK police forces.”

Dear Rim;
You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all, the Police are looking to arrest as many people as possible to save themselves from embarrassment…. if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it, we have access to your database which includes your employees information; e.g – Addresses, Names, Phone Numbers etc. – now if u assist the police, we _WILL_ make this information public and pass it onto rioters…. do you really want a bunch of angry youths on your employees doorsteps? Think about it…. and don’t think that the police will protect your employees, the police can’t protect themselves let alone protect others….. if you make the wrong choice your database will be made public, save yourself the embarrassment and make the right choice. don’t be a puppet..

p.s – we do not condone in innocent people being attacked in these riots nor do we condone in small businesses being looted, but we are all for the rioters that are engaging in attacks on the police and government…. and before anyone says “the blackberry employees are innocent” no they are not! They are the ones that would be assisting the police

- TriCk – TeaMp0isoN -
- Greets To: iN^SaNe – Hex00010 – MLT – BlackHacker

Par for the course, Twitter was used to broadcast details of the hack.

http://twitter.com/teaMp0isoN_

After some attempts to remove the post, RIM eventually took the blog offline.

blogs.blackberry.com 503

On 09/08/11 At 03:34 PM

Black Hat USA 2011

It’s the week of Black Hat and DEF CON and thousands of computer security experts have gathered in Las Vegas.

Black Hat 2011 DEF CON 2011

Hot topics this year include Siemens PLC security, revamping the SSL model and Mac laptop batteries.

Mikko keynoting in DEF CON 19

One talk which was highly anticipated was Riley Hassell’s and Shane Macauley’s “Hacking Android”. For mysterious reasons both speakers never showed up for their own talk, leading to wild conspiracy theories on why this might have happened.

However, from an antivirus point of view, the most interesting talk was Tavis Ormandy’s talk titled “Sophail”.

In the summer of 2010, Tavis Ormandy found a zero-day vulnerability in Windows Help and Support Center. Five days after informing Microsoft of the vulnerability, and before Microsoft had shipped a patch for it, Tavis publicly released proof-of-concept code. Days later, unknown malware authors integrated this code into drive-by-download exploits, which went on to infect tens of thousands of computers around the world.

Sophos experts vocally criticized Tavis for his action, and even nicknamed the patch that eventually followed “Patch Tavis”.

Fast forward to the summer of 2011, and Tavis Ormandy released “A critical analysis of Sophos Anti-virus” at Black Hat.

In his highly unusual talk, Tavis explained that he had reverse engineered the Sophos anti-virus engine and released tools to decrypt the protection systems of Sophos detection databases.

Shifting gears, it’s good to note that connecting to a wireless network during DEF CON is really not recommended. There are simply too many hackers playing with the networks to make them safe. Even the official program pamphlet wishes you “good luck” in connecting to the party network. This is nicely illustrated by just looking at the list of Wi-Fi hotspots that were available in the DEF CON hotel:

def con wifi

Signing off,
-BO

On 06/08/11 At 03:48 AM

F-Secure / Bellsouth Phishing

We were tipped by an alert user (thanks Walt) about this phishing scam targeting F-Secure and Bellsouth.

The fake email used in the attack looks like this:

Ronnieandhattie:

Dear Bellsouth Account User,

Your e-mail needs to be updated with our released F-Secure Internet Security 2011 new version of a better resource webmail spam and viruses. If you have not upgraded your account, click reply and fill in the columns below to send it back so we can update our database account immediately.

Failure to update will process your Bellsouth account being temporarily blocked or suspended from our network and may not be able to receive or send e-mail due to the update.

Fill the column below:

USERNAME:
PASSWORD:
Phone:

We apologize for the inconvenience, we are here to make it look better webmail in 2011.

Bellsouth Customer Care!
Case Number: 7650087 Property
Account Security
©2011 Bellsouth All Right Reserved.

Please disregard such obvious phishing emails and delete them. Similar attacks have been targeting other operators and other antivirus companies as well.

On 25/07/11 At 02:06 PM

On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D.

The following is an excellent writeup on a new Android spyware app and trojan (Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D) that are doing the rounds. The article comes from the fantastic guys and girls over at F-Secure.

Android malware seems to be all the rage at the moment. Here’s a few comments on a couple interesting side issues we’ve been discussing as we’ve seen them crop up during analyses.

First up: there was a recent report on suspicious applications found in the official Android Market. The apps in question have since been taken off the Market, but our threat hunting team still comes across them in forums and other such locations, usually promoted as ‘free apps’.

The applications themselves appear to be straightforward games. At some point however, it looks like additional services were added to the apps.

The earlier versions didn’t ask for anything other than Internet access (more…)

JailbreakMe Lulz

Perhaps you’ve heard the news? JailbreakMe 3.0 went live yesterday.

What’s JailbreakMe? It’s an easy way to jailbreak an Apple iOS device using a PDF (related) vulnerability. It’s done with a “drive-by” style exploit. All somebody needs to do to jailbreak their (newer) iPad/iPhone/iPod is to visit jailbreakme.com and to touch the free/install button.

The German Federal Office for Information Security has issued a warning about this. They’re concerned about the potential for targeted malicious attacks using trojanized versions of the JailbreakMe exploit. And that’s certainly possible, in theory.

We’ve been asked: do we anticipate any attacks against iOS devices?

Targeted attacks? No, not really. It could happen, but we don’t really anticipate any as such. However, we wouldn’t be at all surprised if some AntiSec hacker group attempted something “for the lulz”.

And just how would somebody attack iOS devices? Via attachments?

Attachments? No. E-mail is so not the attack vector in this case (never was on an iOS device). What folks should be careful with are their social media apps, particularly Twitter. A Twitter account belonging to Fox News was recently hacked and used to declare the death of Barack Obama. That hacked account could just as easily have posted malicious links. (more…)

Congratulations!!! You won £2m pounds: SMS 419 Scams

Topi Kanniainen, from Digitoday, contacted us regarding an SMS advance fee fraud (419) scam message that he received. It turns out that a member of our Threat Research team also received such a message, back in January, and he saved it.

Here’s what it looks like:

Here’s ukmobilelotto.com:

Google Apps? The (cloud friendly) scammers probably built and paid for it using stolen funds.

So what happens if you call the number? Believe it or not, there’s actually somebody on the other end of these phone numbers who answers if called. If they think you sound vulnerable, they’ll attempt to scam you in a variety of ways.

We called the number from Topi’s SMS with one of our “burn” phones and uploaded the results to the Labs’ YouTube channel. (more…)

Cloned Android Apps: Symbiosis or Parasitic?

There was a recent report of a malicious Android package installation being hosted on a fake “Android Market”-lookalike site, which was pushed to users from an advertisement link.

The distribution strategy itself is not new. We saw variations of this happening with Google advertisements 2 years back, though in that case it was rogue or scareware that was being pushed by the advertisements.

What is interesting about the case is Android application repackaging. We’ve seen this tactic being used quite frequently in the last few months, as it seems to be the favored “quick” way for malware authors to produce new Android malware.

What’s also interesting is that this seems to be a popular way for developers to produce “new”, clean applications. We’ve been seeing a rash of repackaged applications posted on the official Android Market. (Android apps are written in Java, and so they have a very low threshold for cloning; there are no real barriers to reverse engineering them.) (more…)

Which is More Secure, iOS or Android?

As mobile connected devices become more popular, the need for mobile security becomes more important.

That’s why Symantec recently undertook a lengthy analysis of Apple’s iOS and Google Android, comparing the two operating systems to each other and to desktop platforms in terms of vulnerability to security threats.

Mobile is more secure, unless you go outside the playground

Symantec says that mobile devices definitely do offer improved security over their PC counterparts. But unsurprisingly, given that Symantec sells mobile security solutions for enterprise, the firm also found that “major gaps remain” in the overall mobile security picture, especially when it comes to securing enterprise assets. Still, even given the company’s bias in this matter, the results of its comparison between iOS and Android reveal two very different approaches to safeguarding mobile users.

In the 23-page report, Symantec outlines how iOS specifically offers “strong protection against traditional malware,” due mostly to Apple’s app approval process and the way the company vets iOS app developers to identify and eliminate attackers. Google, on the other hand, doesn’t employ this kind of screening procedure, which Symantec argues has “led to today’s increasing volume of Android-specific malware.”

Read Full Article On Gigaom.com

Phone Users Blind to Hacking Risks


I came across this article on adelaidenow.com.au and while it is stating the bleeding obvious to many of us, it just doesn’t seem as if the message is getting through to the vast majority!

An excerpt from the article follows

SMARTPHONE fanatics may be getting “mugged” by their own mobile, according to a new study.

As many as a third are oblivious to the increasing security risks associated with using their new iPhone, Blackberry or Android-powered device.

The threat is particularly acute when using the gadgets for financial transactions and to store personal information.

An estimated 13 per cent of smartphone users said location data had been unknowingly embedded on their handset, enabling others to track where they are at any time.

More than 79 per cent were not even aware this was possible.

The study by anti-virus software company AVG and the consumer research organisation Ponemon Institute comes as smartphone sales in Australia doubled last year.

Read the full article on adelaidenow.com.au.

Australian IT Reports On Hackers Targeting Smartphones and Social Networks


I read an article on Australian IT this morning saying exactly what we have been telling you about for a while now. Hackers are targeting smartphones and social networks. Don’t ever say that nobody tried to warn you.

Here is an excerpt from the article.

Hackers are preying on smartphones and social networking hotspots, according to reports released by two computer security firms.

Cyber-criminals are also ramping up the sophistication and frequency of attacks on business and government networks, one of the companies, Symantec, said in the latest volume of its Internet Security Threat Report.

Symantec depicted a “massive” volume of more than 286 new computer threats on the internet last year, continued growth in attacks at online social networks and “a notable shift in focus” by hackers to mobile devices.

“The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers,” Symantec said in its findings.

In March, smartphones running on Google-backed Android software were the target of the largest attack ever on the devices, noted a PandaLabs report focused on the first three months of this year.

Read the full article on Australian IT.
